package com.guigu.liuzhireng.interceptor;

import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Controller;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;

@Controller
public class AuthInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        // 获取 session 中的所有的权限
        List<String> authlist = (List<String>) request.getSession().getAttribute("auths");
        // 获取按钮传递的权限
        String btnAuth = request.getParameter("auths");

        if (StringUtils.isNotBlank(btnAuth)){
            if (authlist.contains(btnAuth)) {
                // 允许通过
                return true;
            } else {
                // 不通过 跳转
                response.sendRedirect("/TZ.do/TiaoZhuan");
                return false;
            }
        }else {
            return true;
        }

    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {

    }
}
